Package org.apache.cassandra.security

Class PEMReader

java.lang.Object

org.apache.cassandra.security.PEMReader

public final class PEMReader
extends java.lang.Object

This is a helper class to read private keys and X509 certifificates encoded based on PEM (RFC 1421) format. It can read Password Based Encrypted (PBE henceforth) private keys as well as non-encrypted private keys along with the X509 certificates/cert-chain based on the textual encoding defined in the RFC 7468

The input private key must be in PKCS#8 format.

It returns PKCS#8 formatted private key and X509 certificates.

Field Summary

Fields

Modifier and Type	Field	Description
static java.util.Set<java.lang.String>	SUPPORTED_PRIVATE_KEY_ALGORITHMS	The private key can be with any of these algorithms in order for this read to successfully parse it.

Constructor Summary

Constructors

Constructor	Description
PEMReader()

Method Summary

Modifier and Type	Method	Description
static java.security.cert.Certificate[]	extractCertificates(java.lang.String pemCerts)	Extracts the certificates/cert-chain from the PEM content.
static java.security.PrivateKey	extractPrivateKey(java.lang.String unencryptedPEMKey)	Extracts private key from the PEM content for the private key, assuming its not PBE.
static java.security.PrivateKey	extractPrivateKey(java.lang.String pemKey, java.lang.String keyPassword)	Extracts private key from the Password Based Encrypted PEM content for the private key.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

SUPPORTED_PRIVATE_KEY_ALGORITHMS

public static final java.util.Set<java.lang.String> SUPPORTED_PRIVATE_KEY_ALGORITHMS

The private key can be with any of these algorithms in order for this read to successfully parse it. Currently, supported algorithms are,

     RSA, DSA or EC
 

The first one to be evaluated is RSA, being the most common for private keys.

Constructor Detail

PEMReader

public PEMReader()

Method Detail

extractPrivateKey

public static java.security.PrivateKey extractPrivateKey(java.lang.String unencryptedPEMKey)
                                                  throws java.io.IOException,
                                                         java.security.GeneralSecurityException

Extracts private key from the PEM content for the private key, assuming its not PBE.

Parameters:

unencryptedPEMKey - private key stored as PEM content

Returns:

PrivateKey upon successful reading of the private key

Throws:

java.io.IOException - in case PEM reading fails

java.security.GeneralSecurityException - in case any issue encountered while reading the private key

extractPrivateKey

public static java.security.PrivateKey extractPrivateKey(java.lang.String pemKey,
                                                         java.lang.String keyPassword)
                                                  throws java.io.IOException,
                                                         java.security.GeneralSecurityException

Extracts private key from the Password Based Encrypted PEM content for the private key.

Parameters:

pemKey - PBE private key stored as PEM content

keyPassword - password to be used for the private key decryption

Returns:

PrivateKey upon successful reading of the private key

Throws:

java.io.IOException - in case PEM reading fails

java.security.GeneralSecurityException - in case any issue encountered while reading the private key

extractCertificates

public static java.security.cert.Certificate[] extractCertificates(java.lang.String pemCerts)
                                                            throws java.security.GeneralSecurityException

Extracts the certificates/cert-chain from the PEM content.

Parameters:

pemCerts - certificates/cert-chain stored as PEM content

Returns:

X509 certiificate list

Throws:

java.security.GeneralSecurityException - in case any issue encountered while reading the certificates